FreeBSDE68D3DB1-FD04-11EA-A67F-E09467587C17chromium -- multiple vulnerabilities
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.4%
Chrome Releases reports:
This release fixes 10 security issues, including:
[1100136] High CVE-2020-15960: Out of bounds read in storage.
Reported by Anonymous on 2020-06-28
[1114636] High CVE-2020-15961: Insufficient policy
enforcement in extensions. Reported by David Erceg on
2020-08-10
[1121836] High CVE-2020-15962: Insufficient policy
enforcement in serial. Reported by Leecraso and Guang Gong of 360
Alpha Lab working with 360 BugCloud on 2020-08-26
[1113558] High CVE-2020-15963: Insufficient policy
enforcement in extensions. Reported by David Erceg on
2020-08-06
[1126249] High CVE-2020-15965: Out of bounds write in V8.
Reported by Lucas Pinheiro, Microsoft Browser Vulnerability
Research on 2020-09-08
[1113565] Medium CVE-2020-15966: Insufficient policy
enforcement in extensions. Reported by David Erceg on
2020-08-06
[1121414] Low CVE-2020-15964: Insufficient data validation in
media. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on
2020-08-25
Related
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.4%